Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

Method and system of conducting a cryptocurrency payment via a mobile device using a contactless token to store and protect a user's secret key

a mobile device and user technology, applied in the field of method and system of authenticating users, can solve the problems of long and difficult to predict passwords, many problems, and long passwords

Active Publication Date: 2018-10-16
HOVERKEY
View PDF34 Cites 36 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Benefits of technology

The present invention relates to a method and system of authenticating a user to a computer resource accessed via a mobile device using a portable security token, together with a secret that the user can easily remember. This secret provides a second, separate security factor that can safeguard the computer resource even if the portable security token and the mobile device are both lost or stolen together. The invention allows the user to store a master key of high cryptographic strength on the portable security token, which can be used to protect any data stored on the device with a very strong encryption key. If the device is stolen, it is then infeasible for any potential attacker to decrypt the encrypted data on it without the associated token. The invention also allows for credential synchronization across devices for the same user, obviating the need for manual entry of the same credentials multiple times.

Problems solved by technology

Despite the ubiquity of password-based systems, it has many problems.
However, in order for passwords to be secure, they should be long and hard to predict, contradictory to the former requirement.
For maximum security, this password should be long and complex.
However using a long and complex password as the password to unlock the lock screen is extremely inconvenient for the user.
Moreover, the confidential data is decrypted whenever the device has been unlocked, even when the user is not using the data, which increases the risk of a data breach unnecessarily.
The problem with this approach is that the key would either have to be protected by or derived from a password for security, or has to be stored within the app in plaintext form for usability.
The former approach inherits the same password complexity issue as the device encryption method above, while the latter offers little security as the attacker who could compromise the plaintext data could just as easily read the plaintext key and decrypt the data.
There are a number of disadvantages of such a system.
Theft of the mobile device and the token together renders the security system useless.
In particular changing of the application credential requires re-programming or replacement of the token; the number of user credentials secured by the system is limited by the (small) storage capacity of the token; and the loss of the token poses a direct risk of exposure of the user's credentials.
The system described cannot be used with pre-existing applications.
This has a number of serious disadvantages, including the necessity of using secure storage on the device.
Also, making use solely of a token identifier as a means of validating the token is likely to be insecure.
Again, the system described has a number of disadvantages, primarily that it uses a form of logical control that is relatively easy to circumvent.
More generally, in the enterprise environment there exists significant security risk from allowing users to connect mobile devices into the network due to increased likelihood of unauthorized data access (leading to loss of data confidentiality and / or integrity) resulting from:Inadvertently disclosed passcodes such as PINs or alphanumeric codes, e.g. from shoulder surfingEasily guessed passcodesLost or stolen devices that are inadequately protectedUnsupervized use of devices by a third partyThe Hoverkey system aims to provide solutions for applications to counter these threats.
If the device is stolen, it is then infeasible for any potential attacker to decrypt the encrypted data on it without the associated token.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method and system of conducting a cryptocurrency payment via a mobile device using a contactless token to store and protect a user's secret key
  • Method and system of conducting a cryptocurrency payment via a mobile device using a contactless token to store and protect a user's secret key
  • Method and system of conducting a cryptocurrency payment via a mobile device using a contactless token to store and protect a user's secret key

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

: Digital Signature: function=digital signing function, plain authorization=private signing key; parameter=hash of message; output=digital signature on message hash[0039]Example 2: Key Derivation: function=HMAC-based key derivation function; plain authorization=key derivation master secret; parameters=session random numbers, output length; output=key derived from master secret[0040]Example 3: Re-encryption: function=encryption function; plain authorization=encryption key; parameter=(another) encryption key; output=the plain authorization encrypted with a different key[0041]Example 4: One-Time Passcode (OTP): function=hash-based passcode generation function; plain authorization=OTP secret key; parameter=current counter value; output=passcode computed from counter

[0042]The authorization may comprise a password, PIN or cryptographic key.

[0043]The unlock response may be transmitted to the mobile device under the protection of an encryption key, such as a session key.

[0044]The token may ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

A method and system of conducting a cryptocurrency payment via a mobile device, using a contactless token to store and protect a user's secret key. A cryptocurrency wallet encrypted with the secret key is received by the mobile device from the token. A cryptocurrency payment instruction is received by the mobile device, prompting for a user credential to approve the instruction. In response the mobile device sends to the token a message comprising the encrypted wallet together with the payment instruction and the user credential. Using the secret key, the token then decrypts the cryptocurrency wallet from the encrypted wallet and creates a payment transaction by digitally signing the payment instruction, and transmitting the payment transaction to a cryptocurrency network or exchange. Confirmation of the transaction requires either a PIN, biometric or fingerprint on the mobile device, or authentication via button press, PIN or fingerprint on the token.

Description

BENEFIT CLAIM[0001]This application claims the benefit under 35 U.S.C. § 120 as a Continuation-in-Part of application Ser. No. 14 / 855,186, filed Sep. 5, 2015, which is a Continuation-in-part of application Ser. No. 14 / 174,727, filed Feb. 6, 2014, which is a Continuation of application Ser. No. 14 / 091,183, filed Nov. 26, 2013, now U.S. Pat. No. 9,210,133, which is a Continuation-in-part of application Ser. No. 13 / 706,307, filed Dec. 5, 2012, now U.S. Pat. No. 9,135,425, and which claims the benefit under 35 U.S.C. § 119 of Great Britain application GB 1221433.4, filed Nov. 28, 2012, and Great Britain application GB 1303677.7, filed Mar. 1, 2013 and granted as GB 2496354.1. INTRODUCTION[0002]The present application relates to a method and system of authenticating a user to a computer resource accessed via a mobile device using a portable security token (for example a contactless smart card or bracelet), together with a secret that the user can easily remember (for example a PIN code)....

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(United States)
IPC IPC(8): H04L9/32H04W12/06G06Q20/40H04W4/80G06Q20/32G06Q20/36G06Q20/38G06F21/44G06F21/34H04L29/06G06Q20/06H04L9/06
CPCG06Q20/065G06F21/445G06Q20/3278G06Q20/3678G06Q20/3821G06Q20/3829G06Q20/38215G06Q20/4097H04L9/3213H04L9/3226H04L63/0428H04L63/0492H04L63/083H04L63/0807H04L63/0853H04L63/0869H04L63/105H04L63/18H04W4/80H04W12/06G06F21/34H04L2463/082G06Q2220/00H04L9/0637H04L63/0861H04L2209/56H04L2209/80H04W12/069
Inventor YAU, ARNOLDIVES, STEVEPORTER, CHRIS
Owner HOVERKEY
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products